VPN, Private Browsing, Proxies, and Tor: Understanding the Difference

As you use the internet, your data is monitored and collected by various parties. Some of this is purely diagnostic, whilst much of it is data mining to sell to third parties. Hackers will gather data for targeted attacks or to directly access your account login details. I will go over the different tools you can use to increase your privacy and secure your data from interception and collection. With increased security comes an increase in complexity and a decrease in performance; knowing multiple types of security allows you to choose the best one for your needs and avoid unnecessary trade-offs.

The table below summarises the different technologies from the most secure to the least.

| Method | Protection | Best Use |
|---|---|---|
| Tor Browser | Traffic Encryption; Multiple IP Address Changes; Tracking Protection; Does not store browser data or history; Canvassing Protection | Maximum Privacy |
| VPN | Traffic Encryption; Changes Source IP | Public Locations; Everyday Protection; Changing Country |
| Private Browser | Tracking Protection; Does not store data or history | Hide Browsing History; High risk websites |
| Proxy (SOCKS 5) | Changes Source IP | Changing Country |

A combination of the above methods will give you the best privacy while limiting the disruption caused.


Tor Browser

https://www.torproject.org

The Tor network is the most secure method of communicating but can be slow and unreliable.

Process

  1. A connection to the Tor network is established, and a client Tor Browser is opened.
  2. The Tor Browser is running in private mode by default and does not store any data.
  3. As you make a request, it is sent encrypted to your first Tor node. That node passes the traffic to another node, and so on down a chain, until the final node sends it to the destination server.
  4. The destination server sends its response back to the final Tor node, which returns the data via the chain to your client browser.

PROS

+ Traffic is encrypted and passed through a multi-hop route, obscuring the source and destination.
+ Client is designed to store no traffic, preventing traces from being accessible on the client or by the destination server.
+ Client is designed to resist the majority of canvassing techniques to identify the user.

CONS

– Traffic routing and encryption break many website logins, making them difficult to use, e.g. banking sites.
– Many services and networks block any Tor-based communications as it is used to hide hacking attacks.
– Websites generate additional blocks or prompts as your communications are viewed as suspicious.
– The Tor network is much slower than any other method and can sometimes fail, requiring a full restart of the client and reconnection.
– Nodes have been used to intercept traffic.
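The layering described in the Process steps can be modelled in a few lines. This is an added example, not code from the Tor Project: the cipher is a toy stand-in for real encryption, the cell format is simplified, and the relay names, keys and destination are hypothetical. It records what each node in the chain can see, including that the final node handles the request in the clear when the site itself is not using HTTPS.

```python
import hashlib
import json

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """Toy XOR stream cipher (SHA-256 keystream). Stand-in for real encryption;
    NOT the cryptography Tor uses. Applying it twice with one key decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def wrap(route, destination, request):
    """Client: add one layer per relay, innermost (exit) layer first."""
    next_hop, body = destination, request
    for name, key in reversed(route):
        layer = json.dumps({"next": next_hop, "data": body}).encode()
        body = toy_cipher(key, layer).hex()
        next_hop = name
    return body

def peel(key, cell):
    """Relay: remove own layer, learning only the next hop and an inner blob."""
    layer = json.loads(toy_cipher(key, bytes.fromhex(cell)))
    return layer["next"], layer["data"]

def trace(route, cell):
    """Walk the cell down the chain and record what each relay can see."""
    views, previous = [], "client"
    for name, key in route:
        next_hop, cell = peel(key, cell)
        views.append({"relay": name, "from": previous, "to": next_hop,
                      "sees_request": cell.startswith("GET ")})
        previous = name
    return views

# Constructed sample data: relay names, keys and destination are hypothetical.
ROUTE = [("guard", b"k-guard"), ("middle", b"k-middle"), ("exit", b"k-exit")]
REQUEST = "GET /account HTTP/1.1"

if __name__ == "__main__":
    for view in trace(ROUTE, wrap(ROUTE, "example.org:80", REQUEST)):
        print(view)
```

Only the first relay knows the client and only the last knows the destination; no single relay holds both.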


VPN (Virtual Private Network)

Probably the best-known and advertised technology for improving your privacy online, VPNs work by establishing an encrypted tunnel between your device and an endpoint server.

Process

  1. Using a client, you establish an encrypted connection to your VPN provider's server.
  2. All your traffic is placed in this encrypted tunnel.
  3. Network devices between you and the VPN server see your encrypted traffic destined for the VPN endpoint.
  4. Sites or services you are accessing see the communications coming from the IP of your VPN endpoint server.
  5. The VPN server receives responses from your destination and places them back in the encrypted tunnel to your device.

PROS

+ Your internet traffic is hidden (encrypted) from man-in-the-middle monitoring.
+ Destination service does not know your IP and geographical location.
+ Can be configured globally for your network.

CONS

– A VPN does not alter the traffic that your browser or other applications send to the services; all the various tracking methods and data collection still occur within the applications.


Private Browsing

Another popular method, primarily used to hide local browsing history. Through the use of a blank browser window, it also improves online privacy by blocking services from accessing other sites' stored data.

Process

  1. The browser establishes a connection from a blank (sandbox) window.
  2. The website cannot read any stored cookies or sessions and cannot gather data on other online activities.
  3. Once the window is closed, all data generated is deleted, preventing any other site from knowing the activities from the private browser session.

PROS

+ Websites cannot spy on other website data to gather data on your online activities.
+ Data from private sessions is cleared, removing traces of activities.

CONS

– No additional encryption leaves communications open to monitoring by networks between you and the server.
– Does not alter client IP; a website can view your geographical location and often physical address.
– Modern canvassing methods used by many sites no longer need cached data to identify users.
– Depending on the browser and extensions used, private browser data is leaked to other logs and services, leaving traces of activity on the client machine.


Proxy (SOCKS 5)

Proxies hide the source IP of the client; this is primarily used for changing geographical locations.

Process

  1. Your browser/application is configured with a proxy server address, or you open a proxy website page.
  2. Your request is sent to the proxy server that forwards traffic to your destination.
  3. The destination receives traffic from the proxy server and replies to the proxy server.
  4. The proxy server forwards the destination response back to the client.

PROS

+ Hides client IP and geographical location.
+ Very fast and can be set up once.
+ Web service proxies can change client browser information.

CONS

– Provides no encryption.
– All client application data is unchanged.
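To make the two CONS concrete, the added example below (not part of the original article) builds the bytes a SOCKS5 client sends to its proxy, following the RFC 1928 message layout, and parses them the way a monitor on the network path could. The host names, addresses and HTTP request are constructed sample data.

```python
import ipaddress
import struct

AUTH_METHODS = {0x00: "none", 0x01: "GSSAPI", 0x02: "username/password"}

def client_stream(host: str, port: int, payload: bytes) -> bytes:
    """Bytes a SOCKS5 client sends to the proxy: greeting, CONNECT, then data."""
    name = host.encode("ascii")
    greeting = bytes([0x05, 0x01, 0x00])          # VER=5, 1 method offered, "none"
    connect = (bytes([0x05, 0x01, 0x00, 0x03, len(name)])  # VER, CONNECT, RSV, domain
               + name + struct.pack("!H", port))
    return greeting + connect + payload

def observe(stream: bytes) -> dict:
    """Parse the client-to-proxy byte stream the way a network monitor could."""
    if len(stream) < 2 or stream[0] != 0x05:
        raise ValueError("not a SOCKS5 greeting")
    count = stream[1]
    methods = [AUTH_METHODS.get(m, hex(m)) for m in stream[2:2 + count]]
    req = stream[2 + count:]
    if len(req) < 5 or req[0] != 0x05 or req[1] != 0x01:
        raise ValueError("expected a SOCKS5 CONNECT request")
    atyp = req[3]
    if atyp == 0x01:                               # IPv4 address
        host, rest = str(ipaddress.IPv4Address(req[4:8])), req[8:]
    elif atyp == 0x03:                             # domain name, length-prefixed
        host, rest = req[5:5 + req[4]].decode("ascii"), req[5 + req[4]:]
    elif atyp == 0x04:                             # IPv6 address
        host, rest = str(ipaddress.IPv6Address(req[4:20])), req[20:]
    else:
        raise ValueError("unknown address type")
    if len(rest) < 2:
        raise ValueError("truncated request")
    (port,) = struct.unpack("!H", rest[:2])
    return {"auth": methods, "host": host, "port": port, "payload": rest[2:]}

# Constructed sample: a plain HTTP request sent through the proxy.
SAMPLE = client_stream("example.org", 80, b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n")

if __name__ == "__main__":
    print(observe(SAMPLE))
```

If the application speaks HTTPS, the payload becomes a TLS stream, but the destination host and port in the CONNECT request are still readable between the client and the proxy.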


HTTPS (Extra Note)

HTTPS, or a secure connection, is the primary way of preventing data interception whilst online. It is, however, a technology provided by the destination website and is outside of the user's control. You should always check that the website is using HTTPS and the connection is secure before entering any information or logging into a website.


DNS over HTTPS (DoH)

DoH ensures that your name request (DNS) traffic is encrypted to hide your activities from ISPs or other individuals monitoring your traffic. DoH, however, is an emerging technology that has a high level of complexity and issues; this is the reason I have not included it as a main way to increase privacy.

Technology providers (Microsoft, Google, Firefox) are working to directly integrate DoH into their products, meaning that in the future this step should be enabled and transparent to the end user.

The below post covers more details on general DNS security